CVE-2002-0721

2002-09-0504:00:00

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

Confidence

Low

EPSS

0.062

Percentile

93.6%

JSON

Microsoft SQL Server 7.0 and 2000 installs with weak permissions for extended stored procedures that are associated with helper functions, which could allow unprivileged users, and possibly remote attackers, to run stored procedures with administrator privileges via (1) xp_execresultset, (2) xp_printstatements, or (3) xp_displayparamstmt.

Affected configurations

Nvd

Node

microsoftdata_engineMatch1.0

microsoftdata_engineMatch2000

microsoftsql_serverMatch7.0

microsoftsql_serverMatch7.0sp1

microsoftsql_serverMatch7.0sp2

microsoftsql_serverMatch7.0sp3

microsoftsql_serverMatch7.0sp4

microsoftsql_serverMatch2000

microsoftsql_serverMatch2000sp1

microsoftsql_serverMatch2000sp2

VendorProductVersionCPE
microsoftdata_engine1.0cpe:2.3:a:microsoft:data_engine:1.0:*:*:*:*:*:*:*
microsoftdata_engine2000cpe:2.3:a:microsoft:data_engine:2000:*:*:*:*:*:*:*
microsoftsql_server7.0cpe:2.3:a:microsoft:sql_server:7.0:*:*:*:*:*:*:*
microsoftsql_server7.0cpe:2.3:a:microsoft:sql_server:7.0:sp1:*:*:*:*:*:*
microsoftsql_server7.0cpe:2.3:a:microsoft:sql_server:7.0:sp2:*:*:*:*:*:*
microsoftsql_server7.0cpe:2.3:a:microsoft:sql_server:7.0:sp3:*:*:*:*:*:*
microsoftsql_server7.0cpe:2.3:a:microsoft:sql_server:7.0:sp4:*:*:*:*:*:*
microsoftsql_server2000cpe:2.3:a:microsoft:sql_server:2000:*:*:*:*:*:*:*
microsoftsql_server2000cpe:2.3:a:microsoft:sql_server:2000:sp1:*:*:*:*:*:*
microsoftsql_server2000cpe:2.3:a:microsoft:sql_server:2000:sp2:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	data_engine	1.0	cpe:2.3:a:microsoft:data_engine:1.0:::::::*
microsoft	data_engine	2000	cpe:2.3:a:microsoft:data_engine:2000:::::::*
microsoft	sql_server	7.0	cpe:2.3:a:microsoft:sql_server:7.0:::::::*
microsoft	sql_server	7.0	cpe:2.3:a:microsoft:sql_server:7.0:sp1::::::
microsoft	sql_server	7.0	cpe:2.3:a:microsoft:sql_server:7.0:sp2::::::
microsoft	sql_server	7.0	cpe:2.3:a:microsoft:sql_server:7.0:sp3::::::
microsoft	sql_server	7.0	cpe:2.3:a:microsoft:sql_server:7.0:sp4::::::
microsoft	sql_server	2000	cpe:2.3:a:microsoft:sql_server:2000:::::::*
microsoft	sql_server	2000	cpe:2.3:a:microsoft:sql_server:2000:sp1::::::
microsoft	sql_server	2000	cpe:2.3:a:microsoft:sql_server:2000:sp2::::::